Lucene search
K

47 matches found

RedhatCVE
RedhatCVE
added 2026/01/15 3:15 p.m.6 views

CVE-2025-9142

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory...

7.5CVSS6.7AI score0.00072EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/14 2:30 p.m.3 views

CVE-2025-9142 Local privilege escalation in Harmony SASE Windows Agent

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory...

7.5CVSS6.3AI score0.00072EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/14 2:30 p.m.33 views

CVE-2025-9142 Local privilege escalation in Harmony SASE Windows Agent

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory...

7.5CVSS0.00072EPSS
Exploits0References1
CVE
CVE
added 2026/01/14 2:30 p.m.14 views

CVE-2025-9142

CVE-2025-9142 concerns Harmony SASE Windows Client. Local users can trigger the client to write or delete files outside the intended certificate working directory due to insufficient validation in certificate processing before privileged service use. Symptoms described by Check Point indicate exp...

7.5CVSS6.3AI score0.00072EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.12 views

PT-2026-2858

Name of the Vulnerable Software and Affected Versions Harmony SASE Windows client affected versions not specified Description A local user can trigger the software to write or delete files outside the intended certificate working directory. Recommendations At the moment, there is no information...

7.5CVSS5.9AI score0.00072EPSS
Exploits0References6
CheckPoint Security
CheckPoint Security
added 2026/01/13 12:0 a.m.17 views

Check Point Response to CVE-2025-9142 - Harmony SASE Windows Client Vulnerability

Cause The authentication and file-handling logic does not enforce strict trust boundaries. Under specific conditions, the system fails to validate data during certificate processing before using it in a privileged service component. Symptoms - A local attacker can trigger Harmony SASE Windows...

7.5CVSS5.5AI score0.00072EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/22 7:21 a.m.18 views

CVE-2025-34290

Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...

8.5CVSS7AI score0.00095EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/20 9:30 p.m.5 views

EUVD-2025-204643

Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...

8.5CVSS6.5AI score0.00095EPSS
Exploits0References3
NVD
NVD
added 2025/12/20 8:15 p.m.6 views

CVE-2025-34290

Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...

8.5CVSS0.00095EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/20 8:1 p.m.3 views

CVE-2025-34290 Versa SASE Client for Windows < 7.9.5 Arbitrary Folder Deletion Leading to Local Privilege Escalation

Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...

8.5CVSS6.6AI score0.00095EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/20 8:1 p.m.19 views

CVE-2025-34290 Versa SASE Client for Windows < 7.9.5 Arbitrary Folder Deletion Leading to Local Privilege Escalation

Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...

8.5CVSS0.00095EPSS
Exploits0References2
CVE
CVE
added 2025/12/20 8:1 p.m.12 views

CVE-2025-34290

Versa SASE Client for Windows versions 7.8.7–7.9.4 contain a local privilege escalation in the audit log export feature. The client passes user-controlled file paths to a privileged service, which performs file-system operations without impersonating the requesting user. A TOCTOU race condition c...

8.5CVSS6.6AI score0.00095EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/20 12:0 a.m.7 views

PT-2025-52564

Name of the Vulnerable Software and Affected Versions Versa SASE Client for Windows versions 7.8.7 through 7.9.4 Description The software contains a local privilege escalation issue in the audit log export functionality. The client sends user-controlled file paths to a privileged service, which...

8.5CVSS6.7AI score0.00095EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/12/20 12:0 a.m.5 views

Versa SASE Client for Windows 安全漏洞

Versa SASE Client for Windows is a secure networking client from Versa USA. A security vulnerability exists in Versa SASE Client for Windows versions 7.8.7 through 7.9.4, which stems from a local elevation of privilege vulnerability in the Audit Log Export feature that could lead to arbitrary...

8.5CVSS6.7AI score0.00095EPSS
Exploits0References3
OSV
OSV
added 2025/10/14 4:15 p.m.3 views

CVE-2025-31366

An Improper Neutralization of Input During Web Page Generation vulnerability CWE-79 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all...

6.1CVSS5.3AI score0.00374EPSS
Exploits0References1
NVD
NVD
added 2025/10/14 4:15 p.m.7 views

CVE-2025-31366

An Improper Neutralization of Input During Web Page Generation vulnerability CWE-79 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all...

6.1CVSS0.00374EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.5 views

Check Point Harmony SASE 安全漏洞

Check Point Harmony SASE is a Secure Access Service edge application from Check Point Israel. A security vulnerability exists in Check Point Harmony SASE that stems from improper log file access control, which could lead to information disclosure...

9.8CVSS6.2AI score0.00371EPSS
Exploits0References1
Imperva Blog
Imperva Blog
added 2024/09/06 4:49 p.m.10 views

My Journey To CTO for Imperva App Sec

I’m delighted to be announcing that I’ve joined Imperva as the CTO for Application Security. Many of you readers know me as the Forrester analyst covering Zero Trust, SASE, and network security since before the pandemic. But what you might not have known is prior to that, I was in application...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/27 2:0 p.m.33 views

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one non-U.S. victim in the Internet...

7.2CVSS7.4AI score0.04006EPSS
Exploits1
The Hacker News
The Hacker News
added 2024/06/03 10:56 a.m.35 views

SASE Threat Report: 8 Key Findings for Enterprise Security

Threat actors are evolving, yet Cyber Threat Intelligence CTI remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the...

10CVSS10AI score0.99999EPSS
Exploits351
Rows per page
Query Builder